This version is still under development! Latest stable release is v0.3.2

Configuration

This page gives an overview of all the configuration options, they can be set by using the environment variable in the core or agent component of stackl.

Stackl Core Configuration table

The following environment variables can be set for the stackl-core:

ParameterDescriptionDefault
LOG_LEVELSet the loglevelINFO
STACKL_STORESet the type of stackl store options: Redis/LFSRedis
STACKL_DATASTORE_PATHPath where to safe the stackl documents, only used when STACKL_STORE is LFS/lfs-store
STACKL_REDIS_TYPESet the redis type, only change this to false for testingreal
STACKL_REDIS_HOSTThe host where redis is runninglocalhost
STACKL_REDIS_PORTThe port of the running redis instance6379
STACKL_REDIS_PASSWORDPassword of the redis instance
STACKL_OPA_HOSTHostname of the OPA instancehttp://localhost:8181
ELASTIC_APM_ENABLEDUse this to enable the Elastic APM middleware, configuration can be done by using environment variables, for more information: APM configFalse

Stackl Agent Configuration table

The following environment variables can be set for the stackl-agent:

General Settings

ParameterDescriptionDefault
STACKL_HOSTHost where stackl is runninghttp://localhost:8000
AGENT_NAMEName of the agentcommon
AGENT_TYPEType that will be used for executing jobs, choices: kubernetes, docker, mockmock
REDIS_HOSTHost of the stackl redis instancelocalhost
REDIS_PORTPort of the stackl redis instance6379
REDIS_PASSWORDPassword of the redis instance
SECRET_HANDLERThe secret handler to use, choices: base64, vault, conjurbase64
LOGLEVELThe loglevel for the agent, Choices: DEBUG, INFO, ERROR, WARNINFO
STACKL_CLI_IMAGEThe image used for sending outputs back to stacklstacklio/stackl-cli
MAX_JOBSThe maximum amount of jobs that can be run in parallel10
JOB_TIMEOUTTime until a job times out. When this timeout is exceeded, the status of a kubernetes job is not tracked anymore3660

Kubernetes Handler

ParameterDescriptionDefault
STACKL_NAMESPACEThe namespace where automation jobs will be ran
SERVICE_ACCOUNTThe kubernetes service account that will be used for jobs

Vault Secret Handler

ParameterDescriptionDefault
VAULT_ROLEvault role to be used by vault-agent
VAULT_ADDRhostname/ip where vault is running
VAULT_MOUNT_POINTThe kubernetes auth method vault path, for more information: https://www.vaultproject.io/docs/auth/kubernetes#authentication

Conjur Secret Handler

ParameterDescriptionDefault
AUTHENTICATOR_CLIENT_CONTAINER_NAMEThe Conjur container name
CONJUR_APPLIANCE_URLUrl of the Conjur appliance
CONJUR_AUTHN_TOKEN_FILEFilename where the token will be saved
CONJUR_AUTHN_URLThe Conjur authentication URL
CONJUR_AUTHN_LOGINAuthn login path in Conjur
CONJUR_SSL_CONFIG_MAPConfigmap where the SSL cert is
CONJUR_SSL_CONFIG_MAP_KEYKey in the configmap of the SSL cert
CONJUR_VERIFYVerify Ssl, Choices: True, False

References


Last updated on February 17, 2020